<p>BlackBerry is urging BlackBerry Enterprise Server (BES) customers to apply an update which fixes two flaws, one of which can be exploited by merely sending a BlackBerry smartphone an email with a malicious embedded TIFF.</p><p>The flaws, detailed in an advisory last week, are found in the way two BES services process TIFF files for rendering on BlackBerry smartphones. BlackBerry Mobile Data System (MDS) Connection Service processes TIFF files on web pages, while BlackBerry Messaging Agent processes images in email messages. Both are vulnerable to attacks using malicious TIFF files.</p><p>"These vulnerabilities could allow an attacker to execute arbitrary code using the privileges of the BlackBerry Enterprise Server login account," BlackBerry said in the advisory.</p><p>To exploit the TIFF flaw in MDS, an attacker would need to trick a BlackBerry user into clicking a link to a malicious web page, while an attack on BlackBerry Messaging Agent could be achieved merely by sending a BlackBerry user a malicious embedded TIFF by email or instant message.</p><p><a href="http://www.zdnet.com/blackberry-enterprise-server-malicious-tiff-attack-discovered-7000011498/">Keep reading...</a></p><p>Read also:</p><p><a href="http://www.h-online.com/security/news/item/BlackBerry-Enterprise-Server-vulnerable-to-dangerous-TIFFs-1805252.html">BlackBerry Enterprise Server vulnerable to dangerous TIFFs</a> (The H)</p><p>Explore: <a href="http://news.google.com/news/more?ncl=dthwijaEhHCMpEM_p57It8729WB0M&ned=us">10 additional articles.</a></p>